The best practices for the IPS sensor discussed in Chapter 14, "Troubleshooting Cisco Intrusion Prevention System," also apply to NM-CIDS. In addition, keep the following recommendations in mind when implementing NM-CIDS:
CEF switching must be enabled on the IOS router.
Do not configure both NM-CIDS and the integrated IOS IDS/IPS feature on the same router.
Do not configure traffic monitoring on interfaces where it is not required. Remember that monitoring is applied in both the inbound and outbound directions.
Be sure the NM-CIDS interface is configured with an IP address that is not routable. It is also recommended to configure a loopback interface and use it as the unnumbered address source for the NM-CIDS interface.
For blocking, you must have a route from the command and control (C&C) interface to the managed devices (router, PIX, and so on).
Baseline CPU and memory utilization before and after turning on NM-CIDS, so that the module's impact on the router can be measured.
Block unnecessary traffic with an ACL on the router interface rather than relying on the NM-CIDS to drop it; this saves CPU cycles and memory on the router.
Implement AAA on the router so that NM-CIDS access can be limited to certain users through the authorization configuration.
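A Cisco IOS configuration fragment that applies these recommendations together, added here as an example and not taken from the book; the addresses, interface numbers, ACL name and TACACS+ server are assumed, and the static route to the sensor's C&C address should be checked against the IOS release in use.

```cisco
! Example configuration added here; not from the book. Addresses, interface
! numbers, ACL name and TACACS+ server are assumed (constructed values).
! CEF switching is required by NM-CIDS.
ip cef
! Do not also enable the router's own IDS/IPS feature (ip audit / ip ips).
!
! AAA: per-user authentication and authorization for router and module access,
! with local fallback if the TACACS+ server is unreachable.
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
tacacs-server host 192.0.2.10 key CHANGE-ME
username admin privilege 15 secret CHANGE-ME
!
! Non-routable loopback (RFC 1918, never advertised) lent to the module
! interface with ip unnumbered.
interface Loopback0
 ip address 10.255.255.1 255.255.255.0
interface IDS-Sensor1/0
 ip unnumbered Loopback0
 no shutdown
! The sensor's command-and-control address (set on the sensor itself) is
! assumed to be 10.255.255.2 with 10.255.255.1 as its gateway; this host route
! lets the router reach it. Verify the exact form for the IOS release in use.
ip route 10.255.255.2 255.255.255.255 IDS-Sensor1/0
! For blocking, the router also needs a route from that subnet to each
! managed device (for example, a PIX on the inside LAN).
!
! Drop traffic the sensor does not need before it reaches the module (the ACL
! is illustrative; return-traffic handling is omitted), and enable monitoring
! only on the interface that needs it (both directions are copied to the module).
ip access-list extended OUTSIDE-IN
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any host 203.0.113.20 eq 25
 deny   ip any any
interface FastEthernet0/0
 description Internet facing; monitored by NM-CIDS
 ip access-group OUTSIDE-IN in
 ids-service-module monitoring
interface FastEthernet0/1
 description Inside LAN; not monitored, so no ids-service-module monitoring here
```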